<!doctype html>
<html lang="zh-CN">
<head>

    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    
    <meta name="referrer" content="no-referrer-when-downgrade">
    

    <title>渗透测试的部分资料 | Anttu&#39;s Blog</title>
    <meta property="og:title" content="渗透测试的部分资料 - Anttu&#39;s Blog">
    <meta property="og:type" content="article">
        
    <meta property="article:published_time" content='2022-05-25T00:29:47&#43;08:00'>
        
        
    <meta property="article:modified_time" content='2022-05-25T00:29:47&#43;08:00'>
        
    <meta name="Keywords" content="golang,go语言,go语言笔记,anttu,java,博客,bash,linux笔记,python笔记,公众号,小程序">
    <meta name="description" content="渗透测试的部分资料">
        
    <meta name="author" content="Anttu">
    <meta property="og:url" content="https://anttu.gitee.io/post/2022-05-25-pen_testing/">
    <link rel="shortcut icon" href='/favicon.ico'  type="image/x-icon">

    <link rel="stylesheet" href='/css/normalize.css'>
    <link rel="stylesheet" href='/css/style.css'>
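    <!-- jQuery is loaded from a third-party CDN. The URL is pinned to https: so the fetch never falls back to the scheme of the embedding page. No Subresource Integrity hash is set here: compute one from a vetted copy of this exact file and add integrity plus crossorigin="anonymous", or self-host the file. -->
    <script src="https://cdn.bootcdn.net/ajax/libs/jquery/3.4.1/jquery.min.js"></script>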

    
    
    
    
    
    
        <link rel="stylesheet" href='/css/asciinema-player.css'>
    
</head>


<body>

    <div id="body">
        <div class="container">
            <div class="col-group">

                <div class="col-8" id="main">
                    
<div class="res-cons">
    <article class="post">
        <header>
            <h1 class="post-title">渗透测试的部分资料</h1>
        </header>
        <date class="post-meta meta-date">
            2022年5月25日
        </date>
        
        <div class="post-meta">
            <span>|</span>
            
            <span class="meta-category">
                <a href='/categories/testing' target="_blank">testing</a>
            </span>
            
        </div>
        
        
        
        <div class="post-content">
            <h2 id="前言">前言</h2>
<p>整理了一些渗透测试的资料，方便查阅。</p>
<h2 id="1漏洞扫描">1、漏洞扫描</h2>
<h3 id="11-xray">1.1 xray</h3>
<p>xray 是一款功能强大的安全评估工具，由多名经验丰富的一线安全从业者呕心打造而成，主要特性有:</p>
<ul>
<li><strong>检测速度快</strong>。发包速度快; 漏洞检测算法高效。</li>
<li><strong>支持范围广</strong>。大至 OWASP Top 10 通用漏洞检测，小至各种 CMS 框架 POC，均可以支持。</li>
<li><strong>代码质量高</strong>。编写代码的人员素质高, 通过 Code Review、单元测试、集成测试等多层验证来提高代码可靠性。</li>
<li><strong>高级可定制</strong>。通过配置文件暴露了引擎的各种参数，通过修改配置文件可以极大的客制化功能。</li>
<li><strong>安全无威胁</strong>。xray 定位为一款安全辅助评估工具，而不是攻击工具，内置的所有 payload 和 poc 均为无害化检查。</li>
</ul>
<p>目前支持的漏洞检测类型包括:</p>
<ul>
<li>XSS漏洞检测 (key: xss)</li>
<li>SQL 注入检测 (key: sqldet)</li>
<li>命令/代码注入检测 (key: cmd-injection)</li>
<li>目录枚举 (key: dirscan)</li>
<li>路径穿越检测 (key: path-traversal)</li>
<li>XML 实体注入检测 (key: xxe)</li>
<li>文件上传检测 (key: upload)</li>
<li>弱口令检测 (key: brute-force)</li>
<li>jsonp 检测 (key: jsonp)</li>
<li>ssrf 检测 (key: ssrf)</li>
<li>基线检查 (key: baseline)</li>
<li>任意跳转检测 (key: redirect)</li>
<li>CRLF 注入 (key: crlf-injection)</li>
<li>Struts2 系列漏洞检测 (高级版，key: struts)</li>
<li>Thinkphp系列漏洞检测 (高级版，key: thinkphp)</li>
<li>POC 框架 (key: phantasm)</li>
</ul>
<h4 id="设计理念httpsdocsxraycoolid设计理念"><a href="https://docs.xray.cool/#/?id=%E8%AE%BE%E8%AE%A1%E7%90%86%E5%BF%B5">设计理念</a></h4>
<ol>
<li>
<p>发最少的包做效果最好的探测。</p>
<p>如果一个请求就可以确认漏洞存在，那就只发一个请求。如果两种漏洞环境可以用同一个 payload 探测出来，那就不要拆成两个。</p>
</li>
<li>
<p>允许一定程度上的误报来换取扫描速度的提升</p>
<p>漏洞检测工具无法面面俱到，在漏报和误报的选择上必然要选择误报。如果在使用中发现误报比较严重，可以进行反馈。</p>
</li>
</ol>
<ul>
<li>
<p>尽量不用时间盲注等机制检测漏洞。</p>
<p>时间检测受影响因素太多且不可控，而且可能会影响其他插件的运行。因此除非必要（如 sql）请尽量使用与时间无关的 payload。</p>
</li>
<li>
<p>尽量不使用盲打平台</p>
<p>如果一个漏洞能用回显检测就用回显检测，因为盲打平台增加了漏洞检测过程的不确定性和复杂性。</p>
</li>
<li>
<p>耗时操作谨慎处理</p>
<p>全局使用 Context 做管理，不会因为某个请求而导致全局卡死。</p>
</li>
</ul>
<h4 id="简易架构httpsdocsxraycoolid简易架构"><a href="https://docs.xray.cool/#/?id=%E7%AE%80%E6%98%93%E6%9E%B6%E6%9E%84">简易架构</a></h4>
<p>整体来看，扫描器这类工具大致都是由三部分组成：</p>
<ol>
<li>来源处理</li>
<li>漏洞检测</li>
<li>结果输出</li>
</ol>
<h5 id="来源处理httpsdocsxraycoolid来源处理"><a href="https://docs.xray.cool/#/?id=%E6%9D%A5%E6%BA%90%E5%A4%84%E7%90%86">来源处理</a></h5>
<p>这一部分的功能是整个漏洞检测的入口，在 xray 中我们定义了 5 个入口，分别是</p>
<ul>
<li>HTTP 被动代理</li>
<li>简易爬虫</li>
<li>单个 URL</li>
<li>URL列表的文件</li>
<li>单个原始 HTTP 请求文件</li>
</ul>
<h5 id="漏洞检测httpsdocsxraycoolid漏洞检测"><a href="https://docs.xray.cool/#/?id=%E6%BC%8F%E6%B4%9E%E6%A3%80%E6%B5%8B">漏洞检测</a></h5>
<p>这一部分是引擎的核心功能，用于处理前面 来源处理 部分产生的标准化的请求。用户可以针对性的启用插件，配置扫描插件的参数，配置 HTTP 相关参数等。</p>
<h5 id="结果输出httpsdocsxraycoolid结果输出"><a href="https://docs.xray.cool/#/?id=%E7%BB%93%E6%9E%9C%E8%BE%93%E5%87%BA">结果输出</a></h5>
<p>漏洞扫描和运行时的状态统称为结果输出，xray 定义了如下几种输出方式:</p>
<ul>
<li>Stdout (屏幕输出, 默认开启)</li>
<li>JSON 文件输出</li>
<li>HTML 报告输出</li>
<li>Webhook 输出</li>
</ul>
<h4 id="代理模式httpsdocsxraycooltutorialwebscan_proxyid使用-xray-代理模式进行漏洞扫描"><a href="https://docs.xray.cool/#/tutorial/webscan_proxy?id=%E4%BD%BF%E7%94%A8-xray-%E4%BB%A3%E7%90%86%E6%A8%A1%E5%BC%8F%E8%BF%9B%E8%A1%8C%E6%BC%8F%E6%B4%9E%E6%89%AB%E6%8F%8F">代理模式</a></h4>
<h5 id="生成-ca-证书httpsdocsxraycooltutorialwebscan_proxyid生成-ca-证书"><a href="https://docs.xray.cool/#/tutorial/webscan_proxy?id=%E7%94%9F%E6%88%90-ca-%E8%AF%81%E4%B9%A6">生成 ca 证书</a></h5>
<p>在浏览器使用 https 协议通信的情况下，必须要得到客户端的信任，才能建立与客户端的通信。</p>
<p>这里的突破口就是 ca 证书。只要自定义的 ca 证书得到了客户端的信任，xray 就能用该 ca 证书签发各种伪造的服务器证书，从而获取到通信内容。</p>
<p>运行 <code>./xray_darwin_amd64 genca</code> 即可生成 ca 证书，命令执行后会在当前文件夹生成 <code>ca.crt</code> 和 <code>ca.key</code> 两个文件。</p>
<p>本命令只需要第一次使用的时候运行即可，如果文件已经存在再次运行会报错，需要先删除本地的 <code>ca.crt</code> 和 <code>ca.key</code> 文件。</p>
<div class="highlight"><div style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;">
<table style="border-spacing:0;padding:0;margin:0;border:0;"><tr><td style="vertical-align:top;padding:0;margin:0;border:0;">
<td style="vertical-align:top;padding:0;margin:0;border:0;;width:100%">
<pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>Last login: Sun Apr <span style="color:#099">17</span> 01:24:34 on ttys000
</span></span><span style="display:flex;"><span>mannix@MannixdeMacBook-Pro-2 ~ % <span style="color:#0086b3">cd</span> Desktop/xray_darwin_amd64
</span></span><span style="display:flex;"><span>mannix@MannixdeMacBook-Pro-2 xray_darwin_amd64 % ./xray_darwin_amd64 genca
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span>____  ___.________.    ____.   _____.___.
</span></span><span style="display:flex;"><span><span style="color:#d14">\ </span>  <span style="color:#d14">\/</span>  /<span style="color:#d14">\_</span>   __   <span style="color:#d14">\ </span> /  _  <span style="color:#d14">\ </span> <span style="color:#d14">\_</span>_  |   |
</span></span><span style="display:flex;"><span> <span style="color:#d14">\ </span>    /  |    _  _/ /  /_<span style="color:#d14">\ </span> <span style="color:#d14">\ </span> /   |   |
</span></span><span style="display:flex;"><span> /     <span style="color:#d14">\ </span> |    |   <span style="color:#d14">\/</span>    |    <span style="color:#d14">\ \_</span>___   |
</span></span><span style="display:flex;"><span><span style="color:#d14">\_</span>__/<span style="color:#d14">\ </span> <span style="color:#d14">\ </span>|____|   /<span style="color:#d14">\_</span>___|_   / / _____/
</span></span><span style="display:flex;"><span>      <span style="color:#d14">\_</span>/       <span style="color:#d14">\_</span>/        <span style="color:#d14">\_</span>/  <span style="color:#d14">\/</span>
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span>Version: 1.8.4/a47961e0/COMMUNITY-ADVANCED
</span></span><span style="display:flex;"><span>Licensed to tangshoupu, license is valid <span style="color:#000;font-weight:bold">until</span> 2022-08-03 08:00:00
</span></span></code></pre></td></tr></table>
</div>
</div><p>
        <img class="mx-auto" alt="image-20220417134619810" src="https://cdn.jsdelivr.net/gh/Asura88/Mannix/img/202204171346877.png" />   
    </p>
<h5 id="安装-ca-证书httpsdocsxraycooltutorialwebscan_proxyid安装-ca-证书"><a href="https://docs.xray.cool/#/tutorial/webscan_proxy?id=%E5%AE%89%E8%A3%85-ca-%E8%AF%81%E4%B9%A6">安装 ca 证书</a></h5>
<p>双击 <code>ca.crt</code>，然后按照下图的步骤操作。</p>
<p>右上角搜索 <code>x-ray</code>，可以看到一条记录，有一个红叉，被标记为不受信任的。</p>
<p>
        <img class="mx-auto" alt="image-20220417140809490" src="https://cdn.jsdelivr.net/gh/Asura88/Mannix/img/202204171408560.png" />   
    </p>
<p>然后双击这条记录，将 <code>SSL</code> 那一项改为始终信任，再点击左上角关闭窗口，输入密码授权。该证书被信任后，任何持有 <code>ca.key</code> 的人都可以签发本机信任的服务器证书，因此应妥善保管 <code>ca.key</code>，并在测试结束后删除该证书或取消信任。</p>
<p>
        <img class="mx-auto" alt="image-20220417140918077" src="https://cdn.jsdelivr.net/gh/Asura88/Mannix/img/202204171409126.png" />   
    </p>
<h5 id="启动代理httpsdocsxraycooltutorialwebscan_proxyid启动代理"><a href="https://docs.xray.cool/#/tutorial/webscan_proxy?id=%E5%90%AF%E5%8A%A8%E4%BB%A3%E7%90%86">启动代理</a></h5>
<p>第一次启动 xray 之后，当前目录会生成 <code>config.yaml</code> 文件，用文本编辑器打开，并按照下方说明修改。</p>
<ul>
<li><code>mitm</code> 中 <code>restriction</code> 中 <code>hostname_allowed</code> 增加 <code>testphp.vulnweb.com</code></li>
</ul>
<pre tabindex="0"><code>mitm:
  ...
  restriction:                          
    hostname_allowed:                   # 允许访问的 Hostname，支持格式如 t.com、*.t.com、1.1.1.1、1.1.1.1/24、1.1-4.1.1-8
    - testphp.vulnweb.com
</code></pre><p>因为我们的测试目标站就是 <code>http://testphp.vulnweb.com</code>，增加这个过滤之后，xray 将只会扫描该站的流量，避免扫描到非授权目标站点。</p>
<ul>
<li>设定漏洞扫描结果的输出，这里选择使用 html 文件输出，所以命令行后面要增加 <code>--html-output xray-testphp.html</code>。</li>
</ul>
<div class="highlight"><div style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;">
<table style="border-spacing:0;padding:0;margin:0;border:0;"><tr><td style="vertical-align:top;padding:0;margin:0;border:0;">
<td style="vertical-align:top;padding:0;margin:0;border:0;;width:100%">
<pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>./xray_darwin_amd64 webscan --listen 127.0.0.1:7777 --html-output xray-testphp.html
</span></span></code></pre></td></tr></table>
</div>
</div><div class="highlight"><div style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;">
<table style="border-spacing:0;padding:0;margin:0;border:0;"><tr><td style="vertical-align:top;padding:0;margin:0;border:0;">
<td style="vertical-align:top;padding:0;margin:0;border:0;;width:100%">
<pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>mannix@MannixdeMacBook-Pro-2 xray_darwin_amd64 % ./xray_darwin_amd64 webscan --listen 127.0.0.1:7777 --html-output xray-testphp.html
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span>____  ___.________.    ____.   _____.___.
</span></span><span style="display:flex;"><span><span style="color:#d14">\ </span>  <span style="color:#d14">\/</span>  /<span style="color:#d14">\_</span>   __   <span style="color:#d14">\ </span> /  _  <span style="color:#d14">\ </span> <span style="color:#d14">\_</span>_  |   |
</span></span><span style="display:flex;"><span> <span style="color:#d14">\ </span>    /  |    _  _/ /  /_<span style="color:#d14">\ </span> <span style="color:#d14">\ </span> /   |   |
</span></span><span style="display:flex;"><span> /     <span style="color:#d14">\ </span> |    |   <span style="color:#d14">\/</span>    |    <span style="color:#d14">\ \_</span>___   |
</span></span><span style="display:flex;"><span><span style="color:#d14">\_</span>__/<span style="color:#d14">\ </span> <span style="color:#d14">\ </span>|____|   /<span style="color:#d14">\_</span>___|_   / / _____/
</span></span><span style="display:flex;"><span>      <span style="color:#d14">\_</span>/       <span style="color:#d14">\_</span>/        <span style="color:#d14">\_</span>/  <span style="color:#d14">\/</span>
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span>Version: 1.8.4/a47961e0/COMMUNITY-ADVANCED
</span></span><span style="display:flex;"><span>Licensed to tangshoupu, license is valid <span style="color:#000;font-weight:bold">until</span> 2022-08-03 08:00:00
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span><span style="color:#000;font-weight:bold">[</span>INFO<span style="color:#000;font-weight:bold">]</span> 2022-04-17 14:14:56 <span style="color:#000;font-weight:bold">[</span>default:entry.go:213<span style="color:#000;font-weight:bold">]</span> Loading config file from config.yaml
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span>Enabled plugins: <span style="color:#000;font-weight:bold">[</span>crlf-injection upload shiro sqldet ssrf xxe struts baseline cmd-injection redirect xss thinkphp brute-force dirscan jsonp path-traversal phantasm fastjson<span style="color:#000;font-weight:bold">]</span>
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span><span style="color:#000;font-weight:bold">[</span>INFO<span style="color:#000;font-weight:bold">]</span> 2022-04-17 14:14:56 <span style="color:#000;font-weight:bold">[</span>phantasm:phantasm.go:180<span style="color:#000;font-weight:bold">]</span> <span style="color:#099">358</span> pocs have been loaded <span style="color:#000;font-weight:bold">(</span>debug level will show more details<span style="color:#000;font-weight:bold">)</span>
</span></span><span style="display:flex;"><span><span style="color:#000;font-weight:bold">[</span>INFO<span style="color:#000;font-weight:bold">]</span> 2022-04-17 14:14:56 <span style="color:#000;font-weight:bold">[</span>shiro:shiro.go:64<span style="color:#000;font-weight:bold">]</span> found shiro key in config, merge its with the default key list
</span></span><span style="display:flex;"><span><span style="color:#000;font-weight:bold">[</span>INFO<span style="color:#000;font-weight:bold">]</span> 2022-04-17 14:14:56 <span style="color:#000;font-weight:bold">[</span>shiro:shiro.go:72<span style="color:#000;font-weight:bold">]</span> shiro key count <span style="color:#099">1115</span>
</span></span><span style="display:flex;"><span>These plugins will be disabled as reverse server is not configured, check out the reference to fix this error.
</span></span><span style="display:flex;"><span>Ref: https://docs.xray.cool/#/configration/reverse
</span></span><span style="display:flex;"><span>Plugins:
</span></span><span style="display:flex;"><span>	fastjson/fastjson/deserialization
</span></span><span style="display:flex;"><span>	poc-yaml-dlink-cve-2019-16920-rce
</span></span><span style="display:flex;"><span>	poc-yaml-jenkins-cve-2018-1000600
</span></span><span style="display:flex;"><span>	poc-yaml-jira-cve-2019-11581
</span></span><span style="display:flex;"><span>	poc-yaml-jira-ssrf-cve-2019-8451
</span></span><span style="display:flex;"><span>	poc-yaml-mongo-express-cve-2019-10758
</span></span><span style="display:flex;"><span>	poc-yaml-pandorafms-cve-2019-20224-rce
</span></span><span style="display:flex;"><span>	poc-yaml-saltstack-cve-2020-16846
</span></span><span style="display:flex;"><span>	poc-yaml-solr-cve-2017-12629-xxe
</span></span><span style="display:flex;"><span>	poc-yaml-supervisord-cve-2017-11610
</span></span><span style="display:flex;"><span>	poc-yaml-weblogic-cve-2017-10271
</span></span><span style="display:flex;"><span>	ssrf/ssrf/default
</span></span><span style="display:flex;"><span>	struts/s2-052/default
</span></span><span style="display:flex;"><span>	xxe/xxe/blind
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span><span style="color:#000;font-weight:bold">[</span>INFO<span style="color:#000;font-weight:bold">]</span> 2022-04-17 14:14:57 <span style="color:#000;font-weight:bold">[</span>collector:mitm.go:215<span style="color:#000;font-weight:bold">]</span> loading cert from ./ca.crt and ./ca.key
</span></span><span style="display:flex;"><span><span style="color:#000;font-weight:bold">[</span>INFO<span style="color:#000;font-weight:bold">]</span> 2022-04-17 14:14:57 <span style="color:#000;font-weight:bold">[</span>collector:mitm.go:270<span style="color:#000;font-weight:bold">]</span> starting mitm server at 127.0.0.1:7777
</span></span></code></pre></td></tr></table>
</div>
</div><p>
        <img class="mx-auto" alt="image-20220417141619539" src="https://cdn.jsdelivr.net/gh/Asura88/Mannix/img/202204171416609.png" />   
    </p>
<h5 id="配置代理httpsdocsxraycooltutorialwebscan_proxyid配置代理"><a href="https://docs.xray.cool/#/tutorial/webscan_proxy?id=%E9%85%8D%E7%BD%AE%E4%BB%A3%E7%90%86">配置代理</a></h5>
<h5 id="开始扫描httpsdocsxraycooltutorialwebscan_proxyid开始扫描"><a href="https://docs.xray.cool/#/tutorial/webscan_proxy?id=%E5%BC%80%E5%A7%8B%E6%89%AB%E6%8F%8F">开始扫描</a></h5>
<h4 id="爬虫模式httpsdocsxraycooltutorialwebscan_basic_crawlerid使用-xray-基础爬虫模式进行漏洞扫描"><a href="https://docs.xray.cool/#/tutorial/webscan_basic_crawler?id=%E4%BD%BF%E7%94%A8-xray-%E5%9F%BA%E7%A1%80%E7%88%AC%E8%99%AB%E6%A8%A1%E5%BC%8F%E8%BF%9B%E8%A1%8C%E6%BC%8F%E6%B4%9E%E6%89%AB%E6%8F%8F">爬虫模式</a></h4>
<p>爬虫模式是模拟人工去点击网页的链接，然后去分析扫描。和代理模式不同的是，爬虫不需要人工的介入，访问速度要快很多，但是也有一些缺点需要注意：</p>
<ul>
<li>xray 的基础爬虫不能处理 js 渲染的页面</li>
</ul>
<h5 id="启动爬虫httpsdocsxraycooltutorialwebscan_basic_crawlerid启动爬虫"><a href="https://docs.xray.cool/#/tutorial/webscan_basic_crawler?id=%E5%90%AF%E5%8A%A8%E7%88%AC%E8%99%AB">启动爬虫</a></h5>
<h6 id="基础爬虫">基础爬虫</h6>
<div class="highlight"><div style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;">
<table style="border-spacing:0;padding:0;margin:0;border:0;"><tr><td style="vertical-align:top;padding:0;margin:0;border:0;">
<td style="vertical-align:top;padding:0;margin:0;border:0;;width:100%">
<pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>./xray_darwin_amd64 webscan --basic-crawler http://testphp.vulnweb.com/ --html-output xray-crawler-testphp.html
</span></span></code></pre></td></tr></table>
</div>
</div><h6 id="高级爬虫">高级爬虫</h6>
<blockquote>
<p>需要结合爬虫工具 Rad 共同使用</p>
</blockquote>
<div class="highlight"><div style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;">
<table style="border-spacing:0;padding:0;margin:0;border:0;"><tr><td style="vertical-align:top;padding:0;margin:0;border:0;">
<td style="vertical-align:top;padding:0;margin:0;border:0;;width:100%">
<pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>./xray_darwin_amd64 webscan --browser-crawler http://testphp.vulnweb.com/ --html-output xray-crawler-testphp.html
</span></span></code></pre></td></tr></table>
</div>
</div><h5 id="登录后的网站扫描httpsdocsxraycooltutorialwebscan_basic_crawlerid登录后的网站扫描"><a href="https://docs.xray.cool/#/tutorial/webscan_basic_crawler?id=%E7%99%BB%E5%BD%95%E5%90%8E%E7%9A%84%E7%BD%91%E7%AB%99%E6%89%AB%E6%8F%8F">登录后的网站扫描</a></h5>
<p>如果用的是代理模式，只要浏览器是登录状态，那么漏洞扫描收到的请求也都是登录状态的请求。但对于普通爬虫而言，就没有这么“自动化”了，不过可以通过配置 Cookie 的方式实现登录后的扫描。该 Cookie 是明文写在配置文件里的登录凭据，建议使用专门的测试账号，并在扫描结束后将其从配置文件中清除。</p>
<p>打开配置文件，修改 <code>http</code> 配置部分的 <code>headers</code> 项:</p>
<pre tabindex="0"><code>http:
  headers:
    Cookie: key=value
</code></pre><p>上述配置将为所有请求（包括爬虫和漏洞扫描）增加一条 Cookie <code>key=value</code></p>
<h4 id="服务扫描httpsdocsxraycooltutorialservice_scanid使用-xray-进行服务扫描"><a href="https://docs.xray.cool/#/tutorial/service_scan?id=%E4%BD%BF%E7%94%A8-xray-%E8%BF%9B%E8%A1%8C%E6%9C%8D%E5%8A%A1%E6%89%AB%E6%8F%8F">服务扫描</a></h4>
<p>xray 中最常见的是 web 扫描，但是 xray 将会逐渐开放服务扫描的相关能力，目前主要是服务扫描相关的 poc。老版本升级的用户请注意配置文件需要加入服务扫描的相关 poc 名字，目前只有一个 tomcat-cve-2020-1938 ajp 协议任意文件检测 poc。</p>
<p>参数配置目前比较简单，输入支持两种方式，例如:</p>
<div class="highlight"><div style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;">
<table style="border-spacing:0;padding:0;margin:0;border:0;"><tr><td style="vertical-align:top;padding:0;margin:0;border:0;">
<td style="vertical-align:top;padding:0;margin:0;border:0;;width:100%">
<pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>快速检测单个目标
</span></span><span style="display:flex;"><span>./xray servicescan --target 127.0.0.1:8009
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span>批量检查的 1.file 中的目标, 一行一个目标，带端口
</span></span><span style="display:flex;"><span>./xray servicescan --target-file 1.file 
</span></span></code></pre></td></tr></table>
</div>
</div><p>其中 1.file 的格式为一行一个 service，如：</p>
<pre tabindex="0"><code>10.3.0.203:8009
127.0.0.1:8009
</code></pre><p>也可以将结果输出到报告或json文件中</p>
<div class="highlight"><div style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;">
<table style="border-spacing:0;padding:0;margin:0;border:0;"><tr><td style="vertical-align:top;padding:0;margin:0;border:0;">
<td style="vertical-align:top;padding:0;margin:0;border:0;;width:100%">
<pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>将检测结果输出到 html 报告中
</span></span><span style="display:flex;"><span>./xray servicescan --target 127.0.0.1:8009 --html-output service.html
</span></span><span style="display:flex;"><span>./xray servicescan --target-file 1.file --html-output service.html
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span>将检测结果输出到 json 文件中
</span></span><span style="display:flex;"><span>./xray servicescan --target 127.0.0.1:8099 --json-output 1.json 
</span></span></code></pre></td></tr></table>
</div>
</div><pre tabindex="0"><code>NAME:
    servicescan - Run a service scan task

USAGE:
    servicescan [command options] [arguments...]

OPTIONS:
   --target value       specify the target, for example: host:8009
   --target-file value  load targets from a local file, one target a line
   --json-output FILE   output xray results to FILE in json format
   --html-output FILE   output xray result to `FILE` in HTML format
</code></pre><h4 id="http-配置">HTTP 配置</h4>
<p>对于 web 扫描来说，http 协议的交互是整个检测过程的核心。因此这里的配置将影响到引擎进行 http 发包时的行为。</p>
<pre tabindex="0"><code>http:
  proxy: &#34;&#34;                             # 漏洞扫描时使用的代理，如: http://127.0.0.1:8080。 如需设置多个代理，请使用 proxy_rule 或自行创建上层代理
  proxy_rule: []                        # 漏洞扫描使用多个代理的配置规则, 具体请参照文档
  dial_timeout: 5                       # 建立 tcp 连接的超时时间
  read_timeout: 10                      # 读取 http 响应的超时时间，不可太小，否则会影响到 sql 时间盲注的判断
  max_conns_per_host: 50                # 同一 host 最大允许的连接数，可以根据目标主机性能适当增大
  enable_http2: false                   # 是否启用 http2, 开启可以提升部分网站的速度，但目前不稳定有崩溃的风险
  fail_retries: 0                       # 请求失败的重试次数，0 则不重试
  max_redirect: 5                       # 单个请求最大允许的跳转数
  max_resp_body_size: 2097152           # 最大允许的响应大小, 默认 2M
  max_qps: 500                          # 每秒最大请求数
  allow_methods:                        # 允许的请求方法
  - HEAD
  - GET
  - POST
  - PUT
  - PATCH
  - DELETE
  - OPTIONS
  - CONNECT
  - TRACE
  - MOVE
  - PROPFIND
  headers:
    User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
    # Cookie: key=value
</code></pre><h5 id="漏洞扫描用的代理httpsdocsxraycoolconfigrationhttpid漏洞扫描用的代理-proxy"><a href="https://docs.xray.cool/#/configration/http?id=%E6%BC%8F%E6%B4%9E%E6%89%AB%E6%8F%8F%E7%94%A8%E7%9A%84%E4%BB%A3%E7%90%86-proxy">漏洞扫描用的代理</a></h5>
<p>配置该项后漏洞扫描发送请求时将使用代理发送，支持 <code>http</code>, <code>https</code> 和 <code>socks5</code> 三种格式，如:</p>
<pre tabindex="0"><code>http://127.0.0.1:1111
https://127.0.0.1:1111
socks5://127.0.0.1:1080
</code></pre><p>如果代理需要认证，可以使用下面的格式 <code>http://user:password@127.0.0.1:1111</code></p>
<h5 id="多代理配置httpsdocsxraycoolconfigrationhttpid多代理配置"><a href="https://docs.xray.cool/#/configration/http?id=%E5%A4%9A%E4%BB%A3%E7%90%86%E9%85%8D%E7%BD%AE">多代理配置</a></h5>
<p>在漏洞扫描的时候，可能希望不同的域名使用不同的代理，或者在多个代理之间切换，这些都可以通过 <code>proxy_rule</code> 字段来配置。需要注意的是，<code>proxy</code> 配置将优先于本配置。</p>
<pre tabindex="0"><code>proxy_rule:
  - match: &#34;*host1&#34;
    servers:
      - addr: &#34;http://127.0.0.1:8001&#34;
        weight: 1
      - addr: &#34;http://127.0.0.1:8002&#34;
        weight: 2
  - match: &#34;*&#34;
    servers:
      - addr: &#34;http://127.0.0.1:8003&#34;
        weight: 1
      - addr: &#34;http://127.0.0.1:8004&#34;
        weight: 5
</code></pre><ul>
<li>match: 请求的 url 的主机名如果匹配，就使用本条规则。
<ul>
<li>如果是 <code>*</code>，则代表可以匹配所有。所以一定要将 <code>*</code> 放在最后面，上面没有匹配到的域名都将使用这个配置。</li>
<li>如果没有任何一条可以匹配，这个请求将不会使用代理。</li>
</ul>
</li>
<li>addr: 代理服务器的地址，同 <code>proxy</code> 的配置。</li>
<li>weight: 代理服务器的权重，如果 <code>servers</code> 中配置了多个代理服务器，设置权重可以均衡负载，比如权重是 <code>3:7</code>，则代表每 10 个请求，有 3 个选择 server1，有 7 个选择 server2。要注意的是，这里是 round robin（轮询）算法，前 3 个一定发往 server1，后面 7 个一定发往 server2，然后继续循环，不是每个请求都是基于权重随机的。</li>
</ul>
<h5 id="限制发包速度httpsdocsxraycoolconfigrationhttpid限制发包速度-max_qps"><a href="https://docs.xray.cool/#/configration/http?id=%E9%99%90%E5%88%B6%E5%8F%91%E5%8C%85%E9%80%9F%E5%BA%A6-max_qps">限制发包速度</a></h5>
<p>默认值 500，即最大允许每秒发送 500 个请求。一般来说这个值够快了；通常是为了避免被 ban，会把该值改得小一些，极限情况支持设置为 1，表示每秒只能发送一个请求。</p>
<h4 id="软件获取">软件获取</h4>
<h5 id="xray">xray</h5>
<div class="highlight"><div style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;">
<table style="border-spacing:0;padding:0;margin:0;border:0;"><tr><td style="vertical-align:top;padding:0;margin:0;border:0;">
<td style="vertical-align:top;padding:0;margin:0;border:0;;width:100%">
<pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-http" data-lang="http"><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">https://download.xray.cool/
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">https://download.xray.cool/xray
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">https://download.xray.cool/xray/1.8.4
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">https://github.com/chaitin/xray
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">https://github.com/chaitin/xray/releases
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">https://github.com/chaitin/xray/releases/tag/1.8.4
</span></span></span></code></pre></td></tr></table>
</div>
</div><blockquote>
<ul>
<li>
<p>新增如下热门漏洞 poc，感谢师傅们的提交，更新后即可自动加载</p>
<ul>
<li>apache-storm-unauthorized-access.yml</li>
<li>confluence-cve-2021-26085-arbitrary-file-read.yml</li>
<li>dahua-cve-2021-33044-authentication-bypass.yml</li>
<li>exchange-cve-2021-41349-xss.yml</li>
<li>gocd-cve-2021-43287.yml</li>
<li>grafana-default-password.yml</li>
<li>hikvision-unauthenticated-rce-cve-2021-36260.yml</li>
<li>jellyfin-cve-2021-29490.yml</li>
<li>jinher-oa-c6-default-password.yml</li>
<li>kingdee-eas-directory-traversal.yml</li>
<li>pentaho-cve-2021-31602-authentication-bypass.yml</li>
<li>qilin-bastion-host-rce.yml</li>
<li>secnet-ac-default-password.yml</li>
<li>spon-ip-intercom-file-read.yml</li>
<li>spon-ip-intercom-ping-rce.yml</li>
</ul>
</li>
<li>
<p>yaml 脚本部分更新</p>
<ul>
<li>
<p>增加了 http request 和 response 的 raw_header 方法</p>
</li>
<li>
<p>增加了 bicontains 和 faviconHash 函数</p>
</li>
<li>
<p>增加了 payloads 结构</p>
</li>
<li>
<p>增加了 http path 的表达能力，使用 <code>^</code> 来访问绝对路径</p>
</li>
<li>
<p>文档更新</p>
<p>更新 PR</p>
<ul>
<li>更新了上面新增的内容</li>
<li>更新了如何处理转义字符的说明，并提出了 multipart 中<code>\r\n</code> 的解决方法</li>
<li>更新了 http path 如何使用的文档</li>
<li>更新了 payload 如何使用的文档</li>
<li>更新了 webhook 的部分内容</li>
</ul>
</li>
</ul>
</li>
</ul>
</blockquote>
<h5 id="rad">Rad</h5>
<div class="highlight"><div style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;">
<table style="border-spacing:0;padding:0;margin:0;border:0;"><tr><td style="vertical-align:top;padding:0;margin:0;border:0;">
<td style="vertical-align:top;padding:0;margin:0;border:0;;width:100%">
<pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-http" data-lang="http"><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">https://download.xray.cool/
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">https://download.xray.cool/rad
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">https://download.xray.cool/rad/0.4
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">https://github.com/chaitin/rad
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">https://github.com/chaitin/rad/releases
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">https://github.com/chaitin/rad/releases/tag/0.4
</span></span></span></code></pre></td></tr></table>
</div>
</div><blockquote>
<ul>
<li>优化爬取效果，更强力更全面的页面分析能力，更优策略。</li>
<li>优化调度，爬取过程更快速顺畅。</li>
<li>将过滤分为<code>加入爬取队列</code>、<code>发送请求</code>、<code>输出结果</code>三部分配置，可以方便的控制各个环节的过滤。</li>
<li>体验细节优化。</li>
</ul>
</blockquote>
<h4 id="正版授权">正版授权</h4>
<pre tabindex="0"><code># xray license
# user_name: 南风向晚
# user_id: 05401157dde901314d34ba8e848dc5b2
# license_id: 1d7a9cec586e3b266f5dae9c68fd787c
# distribution: COMMUNITY-ADVANCED
# not_valid_before: 2021-08-03
# not_valid_after: 2022-08-03

AkTaFrP8/RnAYMjNKusPfREn2lGBVHf9gUkWnh/CR+UI65sfnwFPT80bxVQf0j8M9NorYJIDv4YAgtah+bI5n9AZ0XUo3t3uI8azU7IO241f/xmtnTmK3Vi90v04SiD+jsYlJOMysVur51mKDcklYjQayqrQxv/iVJNaImjoFMku5dMGTWD5Vxab/TTCfP6xEvk9OWoWkAo7aW8MJEmn9KbegdTw1M0TzbDcrdJpZFaC+7wbps2Leks62NTdhSS72ZWR0xiX9Ooxu6DXuJNO9dbIhG23fjcVb9HxYsOnvUDezanF7EDpBBs7ivGxjdot+vodOzJRqi2Yxa6qkZvMvN/Tsf2R/gjYtRkBmqAkRABofGGlIeMCAqS43wI7ivzpGXQy2EG02TnV2Ezb0A8GNaipEeDxLScbhtJ+6CuT22mSOmQHsLIW5FwqHgcfOjPupP2r29b1D+QaUgMppgsnZy4uOWOL4VRQjYtqhnwzpu9QC9eYQ6WKl6bVshIqz0MUN46bFVr8BpGqAm2T7e+NJJbYtSwVr/cOJSVaOHd2yyzSPGXa0kHBzs5t3SUGb7j5KE1ZRFG8kfbE9IyyZumjsGAOorUV+O2zri4zk+B/WvZVz1x9WoH9pUh3xpYYfo7feElrdDdSSnpFMHdqMmt6WUc=
</code></pre><p>
        <img class="mx-auto" alt="image-20220417190155033" src="https://cdn.jsdelivr.net/gh/Asura88/Mannix/img/202204171901176.png" />   
    </p>
<h3 id="12-acunetix">1.2 Acunetix</h3>
<h4 id="软件获取-1">软件获取</h4>
<div class="highlight"><div style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;">
<table style="border-spacing:0;padding:0;margin:0;border:0;"><tr><td style="vertical-align:top;padding:0;margin:0;border:0;">
<td style="vertical-align:top;padding:0;margin:0;border:0;;width:100%">
<pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-http" data-lang="http"><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">https://www.acunetix.com/support/build-history/
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">https://www.little2pig.work/archives/awvs147220401065
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">https://www.fahai.org/index.php/archives/138/
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">https://www.fahai.org/index.php/archives/146/
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">bash &lt;(curl -sk https://pan.fahai.org/d/Awvs/check.sh) xrsec/awvs
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">URL: https://server_ip:3443/#/login
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">UserName: awvs@awvs.lan
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">PassWord: Awvs@awvs.lan
</span></span></span></code></pre></td></tr></table>
</div>
</div><blockquote>
<h4 id="acunetix-build-history">Acunetix Build History</h4>
<h4 id="version-14-build-147220401065-for-windows-linux-and-macos--1st-april-2022">Version 14 build 14.7.220401065 for Windows, Linux and macOS – 1st April 2022</h4>
<h4 id="new-vulnerability-checks">New Vulnerability checks</h4>
<ul>
<li>Test for <a href="https://www.acunetix.com/blog/web-security-zone/critical-alert-spring4shell-rce-cve-2022-22965-in-spring/">Spring4Shell vulnerability</a> (<a href="https://tanzu.vmware.com/security/cve-2022-22965">CVE-2022-22965</a>)</li>
</ul>
</blockquote>
<h4 id="和谐办法">和谐办法</h4>
<blockquote>
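<p>注意：软件需要默认安装。</p>
<p>另外需要注意：上文的一键命令使用 <code>curl -sk</code> 关闭了 TLS 证书校验，并把远程脚本直接交给 bash 执行；下面的脚本还会从第三方站点下载压缩包、拉取未校验的 <code>:latest</code> 镜像，并以 <code>-p 3443:3443</code> 把管理界面发布到宿主机的所有网卡，而登录口令是公开的默认值。这些内容均无完整性校验，相当于在本机以 docker 权限执行未经审计的第三方代码；应先将脚本下载到本地审阅，端口只绑定到 <code>127.0.0.1</code>，并在首次登录后修改默认口令。</p>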
</blockquote>
<ol>
<li>
<p>修改本地HOSTS文件，增加以下2条域名解析：</p>
<pre tabindex="0"><code>127.0.0.1 updates.acunetix.com
127.0.0.1 erp.acunetix.com
</code></pre></li>
<li>
<p>停止awvs服务，将license_info.json和wa_data.dat文件复制到以下目录：</p>
<pre tabindex="0"><code>Windows : C:\ProgramData\Acunetix\shared\license
Linux   : /home/acunetix/.acunetix/data/license/
Mac     : /Applications/Acunetix.app/Contents/Resources/data/license/
</code></pre></li>
<li>
<p>复制完后设置 license_info.json 为只读模式。注：也是最重要的一步！！！无论哪个系统都要。</p>
</li>
<li>
<p>开启awvs服务，完毕。</p>
</li>
</ol>
<div class="highlight"><div style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;">
<table style="border-spacing:0;padding:0;margin:0;border:0;"><tr><td style="vertical-align:top;padding:0;margin:0;border:0;">
<td style="vertical-align:top;padding:0;margin:0;border:0;;width:100%">
<pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-http" data-lang="http"><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">https://pan.fahai.org/d/Awvs/check.sh
</span></span></span></code></pre></td></tr></table>
</div>
</div><div class="highlight"><div style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;">
<table style="border-spacing:0;padding:0;margin:0;border:0;"><tr><td style="vertical-align:top;padding:0;margin:0;border:0;">
<td style="vertical-align:top;padding:0;margin:0;border:0;;width:100%">
<pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#999;font-weight:bold;font-style:italic">#!/usr/bin/env bash
</span></span></span><span style="display:flex;"><span><span style="color:#999;font-weight:bold;font-style:italic"></span>
</span></span><span style="display:flex;"><span><span style="color:#998;font-style:italic"># set -ex</span>
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span>Echo_c<span style="color:#000;font-weight:bold">()</span> <span style="color:#000;font-weight:bold">{</span>
</span></span><span style="display:flex;"><span>  <span style="color:#0086b3">echo</span> <span style="color:#d14">&#34;\033[1;33m</span><span style="color:#008080">$1</span><span style="color:#d14">\033[0m&#34;</span>
</span></span><span style="display:flex;"><span><span style="color:#000;font-weight:bold">}</span>
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span>check<span style="color:#000;font-weight:bold">()</span> <span style="color:#000;font-weight:bold">{</span>
</span></span><span style="display:flex;"><span>  Echo_c <span style="color:#d14">&#34; Starting cracking&#34;</span>
</span></span><span style="display:flex;"><span>  curl -s -o awvs_listen.zip https://www.fahai.org/usr/uploads/2021/09/734242510.zip
</span></span><span style="display:flex;"><span>  docker cp awvs_listen.zip awvs:/awvs/
</span></span><span style="display:flex;"><span>  docker <span style="color:#0086b3">exec</span> -it awvs /bin/bash -c <span style="color:#d14">&#34;unzip -o /awvs/awvs_listen.zip -d /home/acunetix/.acunetix/data/license/&#34;</span>
</span></span><span style="display:flex;"><span>  docker <span style="color:#0086b3">exec</span> -it awvs /bin/bash -c <span style="color:#d14">&#34;chmod 444 /home/acunetix/.acunetix/data/license/license_info.json&#34;</span>
</span></span><span style="display:flex;"><span>  docker <span style="color:#0086b3">exec</span> -it awvs /bin/bash -c <span style="color:#d14">&#34;chown acunetix:acunetix /home/acunetix/.acunetix/data/license/wa_data.dat&#34;</span>
</span></span><span style="display:flex;"><span>  docker <span style="color:#0086b3">exec</span> -it awvs /bin/bash -c <span style="color:#d14">&#34;rm /awvs/awvs_listen.zip&#34;</span>
</span></span><span style="display:flex;"><span>  docker <span style="color:#0086b3">exec</span> -it awvs /bin/bash -c <span style="color:#d14">&#34;echo &#39;127.0.0.1 updates.acunetix.com&#39; &gt; /awvs/.hosts&#34;</span>
</span></span><span style="display:flex;"><span>  docker <span style="color:#0086b3">exec</span> -it awvs /bin/bash -c <span style="color:#d14">&#34;echo &#39;127.0.0.1 erp.acunetix.com&#39; &gt;&gt; /awvs/.hosts&#34;</span>
</span></span><span style="display:flex;"><span>  docker restart awvs
</span></span><span style="display:flex;"><span>  rm awvs_listen.zip
</span></span><span style="display:flex;"><span>  Echo_c <span style="color:#d14">&#34; Crack over!&#34;</span>
</span></span><span style="display:flex;"><span><span style="color:#000;font-weight:bold">}</span>
</span></span><span style="display:flex;"><span>
</span></span><span style="display:flex;"><span>logs<span style="color:#000;font-weight:bold">()</span> <span style="color:#000;font-weight:bold">{</span>
</span></span><span style="display:flex;"><span>  docker logs awvs 2&gt;&amp;<span style="color:#099">1</span> | head -n <span style="color:#099">23</span>
</span></span><span style="display:flex;"><span><span style="color:#000;font-weight:bold">}</span>
</span></span><span style="display:flex;"><span>
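</span></span><span style="display:flex;"><span>main<span style="color:#000;font-weight:bold">()</span> <span style="color:#000;font-weight:bold">{</span>  # Pull the image named by $1 (tag latest) and create or replace the container named awvs.
</span></span><span style="display:flex;"><span>  Echo_c <span style="color:#d14">&#34; Start Install&#34;</span>
</span></span><span style="display:flex;"><span>  Echo_c <span style="color:#d14">&#34; 本操作会删除所有名字包含 awvs 的容器，5秒后将执行&#34;</span>;sleep <span style="color:#099">5</span>
</span></span><span style="display:flex;"><span>  docker pull <span style="color:#d14">&#34;</span><span style="color:#008080">$1</span><span style="color:#d14">&#34;</span>:latest  # latest is a mutable tag: confirm the image source and pin a verified digest where possible
</span></span><span style="display:flex;"><span>  <span style="color:#000;font-weight:bold">if</span> <span style="color:#000;font-weight:bold">[</span> -z <span style="color:#d14">&#34;</span><span style="color:#000;font-weight:bold">$(</span>docker ps -aq --filter <span style="color:#008080">name</span><span style="color:#000;font-weight:bold">=</span>awvs<span style="color:#000;font-weight:bold">)</span><span style="color:#d14">&#34;</span> <span style="color:#000;font-weight:bold">]</span>; <span style="color:#000;font-weight:bold">then</span>  # no container whose name contains awvs
</span></span><span style="display:flex;"><span>    <span style="color:#000;font-weight:bold">if</span> <span style="color:#000;font-weight:bold">[</span> -z <span style="color:#d14">&#34;</span><span style="color:#000;font-weight:bold">$(</span>docker ps -aq --filter <span style="color:#008080">publish</span><span style="color:#000;font-weight:bold">=</span>3443<span style="color:#000;font-weight:bold">)</span><span style="color:#d14">&#34;</span> <span style="color:#000;font-weight:bold">]</span>; <span style="color:#000;font-weight:bold">then</span>  # no container already publishes port 3443
</span></span><span style="display:flex;"><span>      docker run -itd --name awvs -p 3443:3443 --restart<span style="color:#000;font-weight:bold">=</span>always <span style="color:#d14">&#34;</span><span style="color:#008080">$1</span><span style="color:#d14">&#34;</span>:latest;check  # -p 3443:3443 listens on every host interface; use 127.0.0.1:3443:3443 for local-only access
</span></span><span style="display:flex;"><span>      logs
</span></span><span style="display:flex;"><span>    <span style="color:#000;font-weight:bold">else</span>  # port 3443 is taken by another container: publish on host port 3444 instead
</span></span><span style="display:flex;"><span>      docker run -itd --name awvs -p 3444:3443 --restart<span style="color:#000;font-weight:bold">=</span>always <span style="color:#d14">&#34;</span><span style="color:#008080">$1</span><span style="color:#d14">&#34;</span>:latest;check
</span></span><span style="display:flex;"><span>      Echo_c <span style="color:#d14">&#34; Please visit https://127.0.0.1:3444&#34;</span>
</span></span><span style="display:flex;"><span>    <span style="color:#000;font-weight:bold">fi</span>
</span></span><span style="display:flex;"><span>  <span style="color:#000;font-weight:bold">else</span>
</span></span><span style="display:flex;"><span>    docker rm -f <span style="color:#000;font-weight:bold">$(</span>docker ps -aq --filter <span style="color:#008080">name</span><span style="color:#000;font-weight:bold">=</span>awvs<span style="color:#000;font-weight:bold">)</span>  # left unquoted on purpose: one argument per container ID; the name filter is a substring match
</span></span><span style="display:flex;"><span>    docker run -itd --name awvs -p 3443:3443 --restart<span style="color:#000;font-weight:bold">=</span>always <span style="color:#d14">&#34;</span><span style="color:#008080">$1</span><span style="color:#d14">&#34;</span>:latest
</span></span><span style="display:flex;"><span>    check
</span></span><span style="display:flex;"><span>    logs
</span></span><span style="display:flex;"><span>  <span style="color:#000;font-weight:bold">fi</span>
</span></span><span style="display:flex;"><span><span style="color:#000;font-weight:bold">}</span>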
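</span></span><span style="display:flex;"><span>main <span style="color:#d14">&#34;</span><span style="color:#008080">$1</span><span style="color:#d14">&#34;</span>  # quoted so the image name reaches main as a single, unexpanded word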
</span></span></code></pre></td></tr></table>
</div>
</div><h2 id="2漏洞利用">2、漏洞利用</h2>
<h3 id="21-注入漏洞">2.1 注入漏洞</h3>
<h4 id="sqlmap">sqlmap</h4>
<p>sqlmap 是一个开源的渗透测试工具，可以自动化地检测和利用 SQL 注入漏洞，进而获取数据库服务器的权限。它具有功能强大的检测引擎，并针对各种不同类型的数据库提供渗透测试功能选项，包括获取数据库中存储的数据、访问操作系统文件，甚至可以通过带外数据连接的方式执行操作系统命令。</p>
<h5 id="软件获取-2">软件获取</h5>
<div class="highlight"><div style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;">
<table style="border-spacing:0;padding:0;margin:0;border:0;"><tr><td style="vertical-align:top;padding:0;margin:0;border:0;">
<pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">1
</span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">2
</span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">3
</span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">4
</span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">5
</span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">6
</span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">7
</span></code></pre></td>
<td style="vertical-align:top;padding:0;margin:0;border:0;;width:100%">
<pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-http" data-lang="http"><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">https://sqlmap.org/
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">https://github.com/sqlmapproject/sqlmap
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">https://github.com/sqlmapproject/sqlmap/releases
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">https://github.com/sqlmapproject/sqlmap/archive/refs/heads/master.zip
</span></span></span></code></pre></td></tr></table>
</div>
</div><h5 id="使用手册">使用手册</h5>
<div class="highlight"><div style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;">
<table style="border-spacing:0;padding:0;margin:0;border:0;"><tr><td style="vertical-align:top;padding:0;margin:0;border:0;">
<pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">1
</span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">2
</span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">3
</span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">4
</span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">5
</span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">6
</span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">7
</span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">8
</span><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">9
</span></code></pre></td>
<td style="vertical-align:top;padding:0;margin:0;border:0;;width:100%">
<pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-http" data-lang="http"><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">https://github.com/sqlmapproject/sqlmap/wiki/Usage
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">https://wooyun.kieran.top/#!/drops/25.sqlmap%E7%94%A8%E6%88%B7%E6%89%8B%E5%86%8C
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">https://wooyun.kieran.top/#!/drops/59.sqlmap%E7%94%A8%E6%88%B7%E6%89%8B%E5%86%8C%5B%E7%BB%AD%5D
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">https://wooyun.kieran.top/#!/drops/460.%E4%BD%BF%E7%94%A8sqlmap%E4%B8%ADtamper%E8%84%9A%E6%9C%AC%E7%BB%95%E8%BF%87waf
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">
</span></span></span><span style="display:flex;"><span><span style="color:#a61717;background-color:#e3d2d2">https://wooyun.kieran.top/#!/drops/505.SQLMAP%E8%BF%9B%E9%98%B6%E4%BD%BF%E7%94%A8
</span></span></span></code></pre></td></tr></table>
</div>
</div><div class="highlight"><div style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;">
<table style="border-spacing:0;padding:0;margin:0;border:0;"><tr><td style="vertical-align:top;padding:0;margin:0;border:0;">
<pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code><span style="white-space:pre;user-select:none;margin-right:0.4em;padding:0 0.4em 0 0.4em;color:#7f7f7f">1
</span></code></pre></td>
<td style="vertical-align:top;padding:0;margin:0;border:0;;width:100%">
<pre tabindex="0" style="background-color:#fff;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>python3 sqlmap.py -r 1.txt --level<span style="color:#000;font-weight:bold">=</span><span style="color:#099">5</span> --risk<span style="color:#000;font-weight:bold">=</span><span style="color:#099">3</span> -v <span style="color:#099">3</span> --random-agent <span style="color:#000;font-weight:bold">[</span>--chunk<span style="color:#000;font-weight:bold">]</span> <span style="color:#000;font-weight:bold">[</span>--proxy<span style="color:#000;font-weight:bold">=</span><span style="color:#d14">&#34;http://127.0.0.1:8008&#34;</span><span style="color:#000;font-weight:bold">]</span>
</span></span></code></pre></td></tr></table>
</div>
</div>
        </div>

        
<div class="post-archive">
    <ul class="post-copyright">
        <li><strong>原文作者：</strong><a rel="author" href="https://anttu.gitee.io/">Anttu</a></li>
        <li style="word-break:break-all"><strong>原文链接：</strong><a href="https://anttu.gitee.io/post/2022-05-25-pen_testing/">https://anttu.gitee.io/post/2022-05-25-pen_testing/</a></li>
        <li><strong>版权声明：</strong>本作品采用<a rel="license" href="https://creativecommons.org/licenses/by-nc-nd/4.0/">知识共享署名-非商业性使用-禁止演绎 4.0 国际许可协议</a>进行许可，非商业转载请注明出处（作者，原文链接），商业转载请联系作者获得授权。</li>
    </ul>
</div>
<br/>



        



    </article>
    
    

    
    
    
    
    
</div>



    
    
    <script type="text/javascript">
        window.MathJax = {
            tex2jax: {
                inlineMath: [['$', '$']],
                processEscapes: true
                }
            };
    </script>
    <script src='//cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.5/MathJax.js?config=TeX-MML-AM_CHTML' async></script>

<style type="text/css">
div.highlight {
    position: relative;
    margin: 1em 0px;
}

.copy-code {
    display: none;
    position: absolute;
    top: 4px;
    right: 4px;
    color: rgba(255, 255, 255, 0.8);
    background: rgba(78, 78, 78, 0.8);
    border-radius: var(--radius);
    padding: 0 5px;
    font: inherit;
    user-select: none;
    cursor: pointer;
    border: 0;
    --radius: 8px;
}

div.highlight:hover .copy-code,pre:hover .copy-code {
    display: block;
}

</style>
<script>
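    // Attach a "copy" button to each highlighted code listing on the page.
    document.querySelectorAll('pre > code').forEach((codeblock) => {
        // For a table-style listing this is the <td> holding the <pre>;
        // for a plain listing it is the wrapper around the <pre>.
        const container = codeblock.parentNode.parentNode;

        const copybutton = document.createElement('button');
        // Explicit type so the button never submits an enclosing form.
        copybutton.type = 'button';
        copybutton.classList.add('copy-code');
        // The label is plain text, so textContent is used rather than innerHTML.
        copybutton.textContent = 'copy';

        // Show a short confirmation, then restore the label after two seconds.
        function copyingDone() {
            copybutton.textContent = 'copied!';
            setTimeout(() => {
                copybutton.textContent = 'copy';
            }, 2000);
        }

        // Legacy path: select the listing and ask the browser to copy the selection.
        function copyViaSelection() {
            const range = document.createRange();
            range.selectNodeContents(codeblock);
            const selection = window.getSelection();
            selection.removeAllRanges();
            selection.addRange(range);
            try {
                // execCommand returns false when the copy was refused;
                // only confirm when it actually succeeded.
                if (document.execCommand('copy')) {
                    copyingDone();
                }
            } catch (e) {
                // Copy is unavailable here; leave the label unchanged.
            }
            selection.removeRange(range);
        }

        copybutton.addEventListener('click', () => {
            if (navigator.clipboard && navigator.clipboard.writeText) {
                // writeText is asynchronous and can be rejected (for example when
                // permission is denied): confirm only on success, otherwise fall
                // back to the selection-based copy.
                navigator.clipboard.writeText(codeblock.textContent)
                    .then(copyingDone, copyViaSelection);
                return;
            }
            copyViaSelection();
        });

        if (container.classList.contains("highlight")) {
            container.appendChild(copybutton);
            return;
        }
        if (container.parentNode.firstChild == container) {
            // First cell of its row (the line-number column of a table-style
            // listing): it gets no button of its own.
            return;
        }
        // Five levels above the <code> element; for a table-style listing
        // (code > pre > td > tr > tbody > table) this is the <table>.
        const outer = codeblock.parentNode.parentNode.parentNode.parentNode.parentNode;
        if (outer.nodeName == "TABLE") {
            outer.appendChild(copybutton);
        } else {
            codeblock.parentNode.appendChild(copybutton);
        }
    });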
</script>






    <script src='/js/asciinema-player.js'></script>

                </div>

            </div>
        </div>
    </div>
</body>

</html>